Is DNS the Rodney Dangerfield of Your Cybersecurity Strategy?
Most people who were alive during the 1970s and ’80s can easily recall the comedic stylings of Jacob Rodney Cohen, aka Rodney Dangerfield. Dangerfield, who is best known as a stand-up comedian and actor in hit movies such as Caddyshack and Back to School, was known for his comedic timing, crazy facial expressions, and a catchphrase that seemingly resonated with everybody: “I get no respect.”
In that same vein, the domain name system (DNS) is perhaps the single most important entity of the Internet that goes underappreciated, unnoticed, and, perhaps surprisingly to many, unsecured. Here’s why: as odd as it might sound now, the Internet wasn’t created with mass use or security in mind.
The Internet originated as a means for trusted professionals to communicate in a safe and open environment. And since DNS is an open resource of the Internet that acts like a directory, accepting and routing queries, the concept of securing DNS from nefarious characters was never imagined.
All of that changed in 2008, when it was discovered that unprotected DNS could lead to cache poisoning attacks, which redirect traffic to an alternative and unintended site.
Fast-forward to today, and you’ll find studies that point to DNS being the cyber attacker’s vector of preference. A recent Cisco report found that more than 90% of malware infections are carried out via DNS. DNS is also a prime target for Distributed Denial of Service (DDoS) attacks that can be carried out for the cost of a value meal at a fast food chain.
To make matters worse, DNS is frequently used as a channel for data exfiltration, allowing criminals to siphon intellectual property, personally identifiable information, trade secrets, emails, and any other item that may reside on a server.
The good news is that you can protect your business and DNS from these threats. Here are a few easy steps to do so:
1. Don’t rely entirely on Internet Service Providers (ISPs) or firewalls, routers, and standard email servers
These standard lines of defense are just that—standard. The primary function of an ISP is to provide Internet service, not to ensure the security of DNS. Firewalls, routers, and standard email servers weren’t built to defend against the types of advanced attacks that hackers deploy.
2. Answer the 4W’s (Who, What, Where, When)
Proper utilization of DNS can provide tremendous visibility into who’s accessing your website, the device(s) they’re using, and when and for how long they’re visiting your website. Identifying where the threats reside can go a long way toward designing a solid cybersecurity strategy.
3. Outsource your DNS to a Managed Service Provider
Most managed service providers offer the expertise, commitment, infrastructure, and security options that ISPs and in-house teams cannot afford. Since managed service providers exist to ensure website availability and security, many specialize in offering protection against DDoS attacks and have service centers available 24/7/365 to monitor and defeat threats.
Of course, security is just one component of DNS that is often misunderstood and underutilized. Strategic DNS management can expand operational efficiencies while allowing the IT team to focus on other strategic priorities.
So after all of this, is DNS part of your cybersecurity strategy yet… or does it have to publicly beg for your respect?